Twitter Worm Lures Victims into Scareware Trap

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Security software vendor Kaspersky today is warning Twitter users to be on the lookout for a new worm that's distributing malicious links that eventually redirects victims to a fake anti-virus software website.

Kaspersky Lab analyst Nicolas Brulez writes in an advisory posting that the fast-moving worm uses the "goo.gl" URL shortening service to distribute the offending links.

Shortened URLs, commonly embedded in the body of 140-character tweets, have become a favorite target of hackers who know that many people using the microblogging service are far more likely to click on a link in a tweet before thoroughly vetting the link.

"The redirection chain may push Twitter users to a fake anti-virus serving the 'Security Shield' rogue AV," Brulez said. "The webpage is using exactly the same obfuscation techniques as a previous version which is an implementation of RSA cryptography in JavaScript to obfuscate the page code."

Malicious links to scareware sites have become more and more common as hackers aggressively mine social networking platforms for personal information they can then use to create more authenticate-looking malware lures.

Once the worm has redirected Twitter users to the scareware site, the scam really takes flight. It informs the intended victim that his or her "machine is running suspicious applications" and prompts users to run a scan. The subsequent scan identifies alleged threats and advises users to click to remove the threats.

Of course, this move results in the download of the fake "Security Shield" application.

In September, a similar malware campaign derived from the "onMouseOver" Twitter worm infiltrated thousands of Twitter accounts, redirecting followers to malware-laden pornographic sites and spreading more malicious content throughout the Twitter community.

Kaspersky and other leading security software vendors continue to warn Twitter and Facebook users to exercise some judgment and caution while surfing around their favorite social networking sites.

"Bear in mind that clicking on random links may lead to severe infection of your machine," Brulez said.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.